fix(gitea): add TLS, scheme helper, and Skaffold registry config (#41)

Changes from PR #40 that didn't make it into main: - local.scheme derived from var.domain (http for homelab.local, https otherwise) - Gitea ROOT_URL and runner bootstrap URLs use local.scheme - Gitea Helm ingress gets TLS + letsencrypt certresolver annotations - Skaffold CI profile sets defaultRepo=git.gugagr.xyz/admin Co-authored-by: Gonçalo Rodrigues <guga@Goncalos-MacBook-Pro.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 22:06:06 +01:00 · 2026-06-26 22:06:06 +01:00 · 6dd7592ac9
commit 6dd7592ac9
parent d4ccff518e
3 changed files with 20 additions and 3 deletions
--- a/infrastructure/terraform/gitea.tf
+++ b/infrastructure/terraform/gitea.tf
@ -36,7 +36,7 @@ resource "helm_release" "gitea" {
        APP_NAME = "Homelab Git"
        server = {
          DOMAIN     = "git.${var.domain}"
-          ROOT_URL   = "http://git.${var.domain}"
+          ROOT_URL   = "${local.scheme}://git.${var.domain}"
          SSH_DOMAIN = "localhost"
          SSH_PORT   = 30001
        }
@ -56,10 +56,17 @@ resource "helm_release" "gitea" {
    ingress = {
      enabled   = true
      className = "traefik"
+      annotations = {
+        "traefik.ingress.kubernetes.io/router.tls"              = "true"
+        "traefik.ingress.kubernetes.io/router.tls.certresolver" = "letsencrypt"
+      }
      hosts = [{
        host  = "git.${var.domain}"
        paths = [{ path = "/", pathType = "Prefix" }]
      }]
+      tls = [{
+        hosts = ["git.${var.domain}"]
+      }]
    }

    # NodePort 30002: used by k3d containerd registry mirror (see k3d/config.yaml)
@ -112,7 +119,7 @@ resource "terraform_data" "gitea_runner_registration" {
    command     = <<-EOT
      set -e
      echo "Waiting for Gitea to be ready..."
-      until curl -sf "http://git.${var.domain}/api/v1/version" > /dev/null 2>&1; do
+      until curl -sf "${local.scheme}://git.${var.domain}/api/v1/version" > /dev/null 2>&1; do
        sleep 5
      done

@ -121,7 +128,7 @@ resource "terraform_data" "gitea_runner_registration" {

      TOKEN=$(curl -sf \
        -u "admin:$PASSWORD" \
-        "http://git.${var.domain}/api/v1/admin/runners/registration-token" \
+        "${local.scheme}://git.${var.domain}/api/v1/admin/runners/registration-token" \
        | grep -o '"token":"[^"]*"' | cut -d'"' -f4)

      kubectl patch secret gitea-runner-token -n gitea \
--- a/infrastructure/terraform/variables.tf
+++ b/infrastructure/terraform/variables.tf
@ -15,3 +15,7 @@ variable "domain" {
  type        = string
  default     = "homelab.local"
 }
+
+locals {
+  scheme = var.domain == "homelab.local" ? "http" : "https"
+}
--- a/skaffold.yaml
+++ b/skaffold.yaml
@ -18,3 +18,9 @@ profiles:
    activation:
      - kubeContext: k3d-homelab
  - name: ci
+    build:
+      local:
+        push: true
+      tagPolicy:
+        gitCommit: {}
+    defaultRepo: git.gugagr.xyz/admin